Class UserRoleDaoResource

java.lang.Object
org.pentaho.platform.web.http.api.resources.AbstractJaxRSResource
org.pentaho.platform.web.http.api.resources.UserRoleDaoResource

public class UserRoleDaoResource extends AbstractJaxRSResource
UserRoleDao manages Pentaho Security users and roles in the BA platform.
  • Constructor Details

    • UserRoleDaoResource

      public UserRoleDaoResource()
    • UserRoleDaoResource

      public UserRoleDaoResource(org.pentaho.platform.security.policy.rolebased.IRoleAuthorizationPolicyRoleBindingDao roleBindingDao, org.pentaho.platform.api.mt.ITenantManager tenantMgr, ArrayList<String> systemRoles, String adminRole)
    • UserRoleDaoResource

      public UserRoleDaoResource(org.pentaho.platform.security.policy.rolebased.IRoleAuthorizationPolicyRoleBindingDao roleBindingDao, org.pentaho.platform.api.mt.ITenantManager tenantMgr, ArrayList<String> systemRoles, String adminRole, UserRoleDaoService service)
  • Method Details

    • createUser

      public javax.ws.rs.core.Response createUser(User user)
      Creates a new user with the specified name and password. This request is encapsulated inside a user object that has userName and password values. The user is created without any assigned roles; roles must be assigned separately. This endpoint is only accessible to an administrative user.

      Example Request:
      PUT pentaho/api/userroledao/createUser

       
         Luke
         password
       
       

      Parameters:
      user - A user is an object the system uses to pass along a userName and password in the format:
                
                  Joe
                  password
                
                
      Returns:
      Response object containing the status code of the operation
    • deleteUsers

      public javax.ws.rs.core.Response deleteUsers(String userNames)
      Deletes user(s) from the platform using a query parameter that takes a list of tab-separated user names. This endpoint is only available to users with administrative privileges.

      Example Request:
      PUT pentaho/api/userroledao/deleteUsers?userNames=user1%09user2%09

      Parameters:
      userNames - (List of tab (\t) separated user names)
      Returns:
      Response object containing the status code of the operation
    • changeUserPassword

      public javax.ws.rs.core.Response changeUserPassword(ChangePasswordUser user)
      Allows a user to change their password. The information is encapsulated in a ChangePasswordUser object that contains these fields: userName, newPassword, oldPassword.

      Example Request:
      PUT pentaho/api/userroledao/user

       
         Luke
         newPassword
         oldPassword
       
       

      Parameters:
      user - Encapsulates the fields required for a user to update their password. The object requires the name of the user whose password is being changed, the old password, and the new password. A ChangePasswordUser object can be constructed as follows:
       
         Luke
         newPassword
         oldPassword
       
       
      Returns:
      Response object containing the status code of the operation
    • getUsers

      public UserListWrapper getUsers() throws javax.ws.rs.WebApplicationException
      Returns the list of users in the platform's repository.

      Example Request:
      GET pentaho/api/userroledao/users

      Returns:
      List of users in the platform.

      Example Response:

        
          suzy
          pat
          tiffany
          admin
        
       
      Throws:
      javax.ws.rs.WebApplicationException
    • getRolesForUser

      public RoleListWrapper getRolesForUser(String user) throws Exception
      Gets the roles for the given user.

      Example Request:
      GET pentaho/api/userroledao/userRoles?userName=suzy

      Parameters:
      user - The username to get the roles for.
      Returns:
      List containing the roles for the given user.

      Example Response:

           <?xml version="1.0" encoding="UTF-8" standalone="yes"?><roleList><roles>Power User</roles></roleList>
       
      Throws:
      Exception
    • assignRolesToUser

      public javax.ws.rs.core.Response assignRolesToUser(String userName, String roleNames)
      Appends existing roles to an existing user passed to the system through query parameters.
      If the user name exists but the role name is not valid, the call will return 200. This means that the call itself was successful and able to find the user, but added no new roles to it. This prevents the call from failing in the instance of a set of other valid roles, with a single invalid role among them. This endpoint is only available to users with administrative privileges.

      Example Request:
      PUT pentaho/api/userroledao/assignRoleToUser?userName=admin&roleNames=power%20user%09cto%09

      Parameters:
      userName - The username that the list of roles will be appended to
      roleNames - Rolenames must be associated to existing roles in a tab (\t) separated list
      Returns:
      Response object containing the status code of the operation
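
Because assignRolesToUser returns 200 even when a role name is not valid, a caller that needs to know the grant took effect has to read the user's roles back. The following is an added example, not part of the Pentaho documentation or code base: it builds the tab-separated query value shown in the example request and compares the requested roles against a userRoles response. The helper names and the sample response are constructed for illustration, and exact (case-sensitive) name matching is an assumption.

```python
import xml.etree.ElementTree as ET
from urllib.parse import quote

# Constructed sample of a userRoles response, shaped like the page's example.
SAMPLE_ROLE_LIST = (
    '<?xml version="1.0" encoding="UTF-8" standalone="yes"?>'
    "<roleList><roles>Power User</roles></roleList>"
)

def tab_list_param(names):
    """Encode names as a tab-separated query value with a trailing tab (%09)."""
    for name in names:
        if not name or "\t" in name:
            raise ValueError(f"name cannot be empty or contain a tab: {name!r}")
    return "".join(quote(name, safe="") + "%09" for name in names)

def assign_roles_path(user_name, role_names):
    """Build the path and query string for the assignRoleToUser request."""
    return ("pentaho/api/userroledao/assignRoleToUser"
            f"?userName={quote(user_name, safe='')}"
            f"&roleNames={tab_list_param(role_names)}")

def parse_role_list(xml_text):
    """Return the role names from a <roleList> response body."""
    root = ET.fromstring(xml_text.encode("utf-8"))
    if root.tag != "roleList":
        raise ValueError(f"unexpected root element: {root.tag}")
    return [(r.text or "").strip() for r in root.findall("roles")]

def unapplied_roles(requested, role_list_xml):
    """Roles that were requested but are absent from the user's role list.

    Assumption: names are compared exactly (case-sensitive).
    """
    held = set(parse_role_list(role_list_xml))
    return [role for role in requested if role not in held]

if __name__ == "__main__":
    print(assign_roles_path("admin", ["power user", "cto"]))
    print(unapplied_roles(["Power User", "cto"], SAMPLE_ROLE_LIST))
```

A non-empty result from `unapplied_roles` after a 200 response means at least one role name was silently skipped.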
    • removeRolesFromUser

      public javax.ws.rs.core.Response removeRolesFromUser(String userName, String roleNames)
      Removes selected roles from an existing user passed to the system through query parameters. This endpoint is only available to users with administrative privileges.

      Example Request:
      PUT pentaho/api/userroledao/removeRoleFromUser?userName=admin&roleNames=Business%20User%09Power%20User%09

      Parameters:
      userName - The username that the list of roles will be removed from.
      roleNames - Rolenames must be associated to existing roles in a tab (\t) separated list.
      Returns:
      Response object containing the status code of the operation.
    • createRole

      public javax.ws.rs.core.Response createRole(String roleName)
      Creates a new role that does not have any permissions assigned to it. Permissions must be assigned after creating the role. This endpoint is only usable by an administrative user.

      Example Request:
      PUT pentaho/api/userroledao/createRole?roleName=rName

      Parameters:
      roleName - Name of the new role to create in the system.
      Returns:
      Response containing the result of the operation.
    • deleteRoles

      public javax.ws.rs.core.Response deleteRoles(String roleNames)
      Delete role(s) from the platform. This endpoint is only available to users with administrative privileges.

      Example Request:
      PUT pentaho/api/userroledao/deleteRoles?roleNames=role1%09

      Parameters:
      roleNames - List of tab (\t) separated role names, must be valid roles.
      Returns:
      Response containing the result of the operation.
    • getRoles

      public RoleListWrapper getRoles() throws Exception
      Returns the list of roles in the platform's repository.

      Example Request:
      GET pentaho/api/userroledao/roles

      Returns:
      List of roles in the platform.

      Example Response:

         <?xml version="1.0" encoding="UTF-8" standalone="yes"?><roleList><roles>Administrator</roles><roles>Power User</roles><roles>Report Author</roles><roles>Business Analyst</roles></roleList>
       
      Throws:
      Exception
    • getRoleMembers

      public UserListWrapper getRoleMembers(String roleName) throws Exception
      Retrieves list of users for the selected role. The role must be a valid role in the system. Must have administrative privileges to access this.

      Example Request:
      GET pentaho/api/userroledao/roleMembers?roleName=Power%20User

      Parameters:
      roleName - The role name to get the list of users associated with it.
      Returns:
      List of users for the selected role.

      Example Response:

         <?xml version="1.0" encoding="UTF-8" standalone="yes"?><userList><users>suzy</users><users>admin</users></userList>
       
      Throws:
      Exception
    • setLogicalRoles

      public javax.ws.rs.core.Response setLogicalRoles(LogicalRoleAssignments roleAssignments)
      Associate a particular role to a list of physical permissions available in the system. Setting the physical permissions to the roles is a way to add and delete permissions from the role. Any permissions the role had before that are not on this list will be deleted. Any permissions on this list that were not previously assigned will now be assigned.

      Example Request:
      PUT /pentaho/api/userroledao/roleAssignments

         <systemRolesMap>
         <assignments>
         <roleName>Report Author</roleName>
         <logicalRoles>org.pentaho.scheduler.manage</logicalRoles>
         <logicalRoles>org.pentaho.repository.read</logicalRoles>
         <logicalRoles>org.pentaho.security.publish</logicalRoles>
         <logicalRoles>org.pentaho.repository.create</logicalRoles>
         <logicalRoles>org.pentaho.repository.execute</logicalRoles>
         </assignments>
         </systemRolesMap>
       
      Parameters:
      roleAssignments - Built from the Request payload, an example of the role assignments exists in the example request.
      Returns:
      Response code determining the success of the operation.
    • getRoleBindingStruct

      public SystemRolesMap getRoleBindingStruct(String locale)
      Retrieves the list of roles in the platform and the mapping for operation permissions, along with a list of operation permissions. The logical role name mapping is determined by the locale. If the locale is empty, the system will use the default locale of "en".

      Example Request:
      GET pentaho/api/userroledao/logicalRoleMap?locale=en

      Parameters:
      locale - The locale parameter is optional and determines the localized role name for a physical permission in the system roles map.
      Returns:
      A role mapping for the current system. Each assignment contains the immutable flag and roles for immutable assignments cannot be edited. This is useful for roles such as administrator, who should never lose the administrative privilege. Logical roles in the assignment are the physical permissions currently mapped to the role. The role name is the name of the role that can be assigned to users. The system roles map also includes a list of all physical permissions in the system along with their localized role name. The localized role name is based on the locale passed into the call, defaulting to "en". These are the physical permissions that can be used to create roles.

      Example Response:

        <systemRolesMap>
        <assignments>
        <immutable>false</immutable>
        <logicalRoles>org.pentaho.scheduler.manage</logicalRoles>
        <logicalRoles>org.pentaho.security.publish</logicalRoles>
        <logicalRoles>org.pentaho.repository.create</logicalRoles>
        <logicalRoles>org.pentaho.repository.execute</logicalRoles>
        <roleName>Power User</roleName>
        </assignments>
        <assignments>
        <immutable>true</immutable>
        <logicalRoles>org.pentaho.repository.execute</logicalRoles>
        <logicalRoles>
          org.pentaho.platform.dataaccess.datasource.security.manage
        </logicalRoles>
        <logicalRoles>org.pentaho.repository.read</logicalRoles>
        <logicalRoles>org.pentaho.repository.create</logicalRoles>
        <logicalRoles>org.pentaho.scheduler.manage</logicalRoles>
        <logicalRoles>org.pentaho.security.administerSecurity</logicalRoles>
        <logicalRoles>org.pentaho.security.publish</logicalRoles>
        <roleName>Administrator</roleName>
        </assignments>
        <localizedRoleNames>
        <localizedName>Administer Security</localizedName>
        <roleName>org.pentaho.security.administerSecurity</roleName>
        </localizedRoleNames>
        <localizedRoleNames>
        <localizedName>Schedule Content</localizedName>
        <roleName>org.pentaho.scheduler.manage</roleName>
        </localizedRoleNames>
        <localizedRoleNames>
        <localizedName>Read Content</localizedName>
        <roleName>org.pentaho.repository.read</roleName>
        </localizedRoleNames>
        <localizedRoleNames>
        <localizedName>Publish Content</localizedName>
        <roleName>org.pentaho.security.publish</roleName>
        </localizedRoleNames>
        <localizedRoleNames>
        <localizedName>Create Content</localizedName>
        <roleName>org.pentaho.repository.create</roleName>
        </localizedRoleNames>
        <localizedRoleNames>
        <localizedName>Execute</localizedName>
        <roleName>org.pentaho.repository.execute</roleName>
        </localizedRoleNames>
        <localizedRoleNames>
        <localizedName>Manage Data Sources</localizedName>
        <roleName>
        org.pentaho.platform.dataaccess.datasource.security.manage
        </roleName>
        </localizedRoleNames>
        </systemRolesMap>
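
setLogicalRoles replaces a role's whole permission list, so permissions left out of the request are deleted. The following is an added example, not part of the Pentaho documentation or code base: it parses a logicalRoleMap response and previews what a roleAssignments request would add and remove, whether the role is marked immutable, and whether the change grants org.pentaho.security.administerSecurity. The function names and the abbreviated sample map are constructed for illustration.

```python
import xml.etree.ElementTree as ET

ADMIN_PERMISSION = "org.pentaho.security.administerSecurity"

# Constructed sample, abbreviated from the shape of the page's example response.
SAMPLE_MAP = """<systemRolesMap>
<assignments><immutable>false</immutable>
<logicalRoles>org.pentaho.scheduler.manage</logicalRoles>
<logicalRoles>org.pentaho.security.publish</logicalRoles>
<roleName>Power User</roleName></assignments>
<assignments><immutable>true</immutable>
<logicalRoles>org.pentaho.security.administerSecurity</logicalRoles>
<roleName>Administrator</roleName></assignments>
<localizedRoleNames><localizedName>Administer Security</localizedName>
<roleName>org.pentaho.security.administerSecurity</roleName></localizedRoleNames>
<localizedRoleNames><localizedName>Schedule Content</localizedName>
<roleName>org.pentaho.scheduler.manage</roleName></localizedRoleNames>
<localizedRoleNames><localizedName>Publish Content</localizedName>
<roleName>org.pentaho.security.publish</roleName></localizedRoleNames>
</systemRolesMap>"""

def _text(elem, tag):
    # strip() tolerates values wrapped onto their own line, as in the page's example
    return (elem.findtext(tag) or "").strip()

def parse_map(xml_text):
    """Return ({role: (immutable, permissions)}, all_known_permissions)."""
    root = ET.fromstring(xml_text)
    roles = {}
    for a in root.findall("assignments"):
        perms = {(p.text or "").strip() for p in a.findall("logicalRoles")}
        roles[_text(a, "roleName")] = (_text(a, "immutable") == "true", perms)
    known = {_text(n, "roleName") for n in root.findall("localizedRoleNames")}
    return roles, known

def plan_change(map_xml, role_name, desired):
    """Preview what a roleAssignments PUT for role_name would change."""
    roles, known = parse_map(map_xml)
    immutable, current = roles.get(role_name, (False, set()))
    desired = set(desired)
    return {
        "immutable": immutable,                      # page: cannot be edited
        "added": sorted(desired - current),
        "removed": sorted(current - desired),        # deleted by the replace
        "unknown": sorted(desired - known),          # not listed in the map
        "grants_admin": ADMIN_PERMISSION in desired - current,
    }
```

Reviewing the `removed` and `grants_admin` fields before sending the request catches an accidental permission wipe or an unintended grant of security administration.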
       
    • assignAllRolesToUser

      public javax.ws.rs.core.Response assignAllRolesToUser(String tenantPath, String userName)
      Associate all roles to the selected user
      Parameters:
      tenantPath - (tenant path where the user exists; null or empty string assumes default tenant)
      userName - (username)
      Returns:
    • removeAllRolesFromUser

      public javax.ws.rs.core.Response removeAllRolesFromUser(String tenantPath, String userName)
      Remove all roles from the selected user
      Parameters:
      tenantPath - (tenant path where the user exists; null or empty string assumes default tenant)
      userName - (username)
      Returns:
    • assignUserToRole

      public javax.ws.rs.core.Response assignUserToRole(String tenantPath, String userNames, String roleName)
      Associate list of users to the selected role
      Parameters:
      tenantPath - (tenant path where the user exists; null or empty string assumes default tenant)
      userNames - (list of tab (\t) separated user names)
      roleName - (role name)
      Returns:
    • removeUserFromRole

      public javax.ws.rs.core.Response removeUserFromRole(String tenantPath, String userNames, String roleName)
      Remove user(s) from a particular role
      Parameters:
      tenantPath - (tenant path where the user exists; null or empty string assumes default tenant)
      userNames - (list of tab (\t) separated user names)
      roleName - (role name)
      Returns:
    • assignAllUsersToRole

      public javax.ws.rs.core.Response assignAllUsersToRole(String tenantPath, String roleName)
      Associates all users to a particular role
      Parameters:
      tenantPath - (tenant path where the user exists; null or empty string assumes default tenant)
      roleName - (role name)
      Returns:
    • removeAllUsersFromRole

      public javax.ws.rs.core.Response removeAllUsersFromRole(String tenantPath, String roleName)
      Removes all users from a particular role
      Parameters:
      tenantPath - (tenant path where the user exists; null or empty string assumes default tenant)
      roleName - (role name)
      Returns:
    • updatePassword

      public javax.ws.rs.core.Response updatePassword(UserChangePasswordDTO user)
      This is an administrative tool that allows an administrator to change any user's password by passing in the username and the new password. Additionally, the current administrator password is needed to authorize the change. The fields are encapsulated in a user object containing a userName, password and administratorPassword.

      Example Request:
      PUT pentaho/api/userroledao/updatePassword

       
         Joe
         password
         administratorPassword
       
       

      Parameters:
      user - A user is an object the system uses to pass along a userName, password and administratorPassword in the format:
                
                  Joe
                  password
                  administratorPassword
                
                
      Returns:
      response object containing the status code of the operation
    • getTenant

      protected org.pentaho.platform.api.mt.ITenant getTenant(String tenantId) throws com.sun.jersey.api.NotFoundException
      Throws:
      com.sun.jersey.api.NotFoundException
    • canAdminister

      protected boolean canAdminister()
    • updateRolesForCurrentSession

      protected void updateRolesForCurrentSession()
    • getSession

      protected org.pentaho.platform.api.engine.IPentahoSession getSession()
    • getUserRoleDao

      protected org.pentaho.platform.api.engine.security.userroledao.IUserRoleDao getUserRoleDao()
      For testing